/*     */ package com.zimbra.qa.unittest.prov.ldap;
/*     */ 
/*     */ import com.google.common.collect.Maps;
/*     */ import com.zimbra.common.localconfig.KnownKey;
/*     */ import com.zimbra.common.localconfig.LC;
/*     */ import com.zimbra.cs.account.Account;
/*     */ import com.zimbra.cs.account.AccountServiceException;
/*     */ import com.zimbra.cs.account.Domain;
/*     */ import com.zimbra.cs.account.Provisioning.Result;
/*     */ import com.zimbra.cs.account.auth.AuthContext.Protocol;
/*     */ import com.zimbra.cs.account.auth.AuthMechanism.AuthMech;
/*     */ import com.zimbra.cs.account.ldap.LdapProv;
/*     */ import com.zimbra.cs.account.ldap.entry.LdapAccount;
/*     */ import com.zimbra.cs.ldap.LdapConnType;
/*     */ import com.zimbra.cs.ldap.unboundid.InMemoryLdapServer.Password;
/*     */ import com.zimbra.qa.unittest.prov.Names;
/*     */ import com.zimbra.qa.unittest.prov.ProvTest.SkipTestReason;
/*     */ import com.zimbra.qa.unittest.prov.ProvTest.SkippedForInMemLdapServerException;
/*     */ import java.util.HashMap;
/*     */ import java.util.Map;
/*     */ import org.junit.AfterClass;
/*     */ import org.junit.Assert;
/*     */ import org.junit.BeforeClass;
/*     */ import org.junit.Test;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class TestLdapProvExternalLdapAuth
/*     */   extends LdapTest
/*     */ {
/*     */   private static LdapProvTestUtil provUtil;
/*     */   private static LdapProv prov;
/*     */   private static Domain domain;
/*  48 */   private static LdapConnType testConnType = LdapConnType.PLAIN;
/*     */   
/*     */   @BeforeClass
/*     */   public static void init() throws Exception {
/*  52 */     provUtil = new LdapProvTestUtil();
/*  53 */     prov = provUtil.getProv();
/*  54 */     domain = provUtil.createDomain(baseDomainName(), null);
/*     */   }
/*     */   
/*     */   @AfterClass
/*     */   public static void cleanup() throws Exception {
/*  59 */     Cleanup.deleteAll(new String[] { baseDomainName() });
/*     */   }
/*     */   
/*     */   private Account createAccount(String localPart) throws Exception {
/*  63 */     return createAccount(localPart, null);
/*     */   }
/*     */   
/*     */   private Account createAccount(String localPart, Map<String, Object> attrs) throws Exception {
/*  67 */     return provUtil.createAccount(localPart, domain, attrs);
/*     */   }
/*     */   
/*     */   private String getAccountDN(Account acct) throws Exception {
/*  71 */     return ((LdapAccount)acct).getDN();
/*     */   }
/*     */   
/*     */   private String getLdapURL() {
/*  75 */     if (LdapConnType.LDAPI == testConnType) {
/*  76 */       Assert.fail();
/*  77 */       return null; }
/*  78 */     if (LdapConnType.LDAPS == testConnType) {
/*  79 */       return "ldaps://" + LC.zimbra_server_hostname.value() + ":636";
/*     */     }
/*  81 */     return "ldap://" + LC.zimbra_server_hostname.value() + ":389";
/*     */   }
/*     */   
/*     */   private String getWantStartTLS()
/*     */   {
/*  86 */     if (LdapConnType.STARTTLS == testConnType) {
/*  87 */       return "TRUE";
/*     */     }
/*  89 */     return null;
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void checkAuthConfigBySearch() throws Exception
/*     */   {
/*  95 */     String ACCT_NAME_LOCALPART = Names.makeAccountNameLocalPart(genAcctNameLocalPart());
/*  96 */     Account acct = createAccount(ACCT_NAME_LOCALPART);
/*  97 */     String ACCT_DN = getAccountDN(acct);
/*  98 */     String PASSWORD = "test123";
/*     */     
/* 100 */     Map<String, Object> attrs = new HashMap();
/* 101 */     attrs.put("zimbraAuthMech", AuthMechanism.AuthMech.ldap.name());
/* 102 */     attrs.put("zimbraAuthLdapURL", getLdapURL());
/* 103 */     attrs.put("zimbraAuthLdapSearchBindPassword", LC.zimbra_ldap_password.value());
/* 104 */     attrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
/*     */     
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/* 110 */     attrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n)");
/* 111 */     Provisioning.Result result = prov.checkAuthConfig(attrs, acct.getName(), PASSWORD);
/* 112 */     Assert.assertEquals("check.OK", result.getCode());
/* 113 */     String expectedComputedSearchFilter = "(zimbraMailDeliveryAddress=" + acct.getName() + ")";
/* 114 */     Assert.assertEquals(expectedComputedSearchFilter, result.getComputedDn());
/*     */     
/*     */ 
/* 117 */     attrs.put("zimbraAuthLdapSearchFilter", "(uid=%u)");
/* 118 */     result = prov.checkAuthConfig(attrs, acct.getName(), PASSWORD);
/* 119 */     Assert.assertEquals("check.OK", result.getCode());
/* 120 */     expectedComputedSearchFilter = "(uid=" + ACCT_NAME_LOCALPART + ")";
/* 121 */     Assert.assertEquals(expectedComputedSearchFilter.toLowerCase(), result.getComputedDn().toLowerCase());
/*     */     
/*     */ 
/* 124 */     attrs.put("zimbraAuthLdapSearchFilter", "(mail=%u@%d)");
/* 125 */     result = prov.checkAuthConfig(attrs, acct.getName(), PASSWORD);
/* 126 */     Assert.assertEquals("check.OK", result.getCode());
/* 127 */     expectedComputedSearchFilter = "(mail=" + acct.getName() + ")";
/* 128 */     Assert.assertEquals(expectedComputedSearchFilter, result.getComputedDn());
/*     */     
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/* 139 */     provUtil.deleteAccount(acct);
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void checkAuthConfigByBindDNTemplate()
/*     */     throws Exception
/*     */   {
/* 146 */     String ACCT_NAME_LOCALPART = Names.makeAccountNameLocalPart(genAcctNameLocalPart());
/* 147 */     Account acct = createAccount(ACCT_NAME_LOCALPART);
/* 148 */     String ACCT_DN = getAccountDN(acct);
/* 149 */     String PASSWORD = "test123";
/*     */     
/* 151 */     Map<String, Object> attrs = new HashMap();
/* 152 */     attrs.put("zimbraAuthMech", AuthMechanism.AuthMech.ldap.name());
/* 153 */     attrs.put("zimbraAuthLdapURL", getLdapURL());
/* 154 */     attrs.put("zimbraAuthLdapSearchBindPassword", LC.zimbra_ldap_password.value());
/* 155 */     attrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
/*     */     
/*     */ 
/*     */ 
/*     */ 
/* 160 */     attrs.put("zimbraAuthLdapBindDn", "uid=%u,ou=people,%D");
/* 161 */     Provisioning.Result result = prov.checkAuthConfig(attrs, acct.getName(), PASSWORD);
/* 162 */     Assert.assertEquals("check.OK", result.getCode());
/*     */     
/* 164 */     Assert.assertEquals(ACCT_DN, result.getComputedDn());
/*     */     
/* 166 */     provUtil.deleteAccount(acct);
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void checkAuthConfigFailures() throws Exception {
/* 171 */     String ACCT_NAME_LOCALPART = genAcctNameLocalPart();
/* 172 */     Account acct = createAccount(ACCT_NAME_LOCALPART);
/* 173 */     String ACCT_DN = getAccountDN(acct);
/* 174 */     String PASSWORD = "test123";
/*     */     
/*     */ 
/*     */ 
/* 178 */     Map<String, Object> attrs = Maps.newHashMap();
/*     */     try
/*     */     {
/* 181 */       SKIP_FOR_INMEM_LDAP_SERVER(ProvTest.SkipTestReason.EXTERNAL_AUTH_STATUS_UNKNOWN_HOST);
/*     */       
/* 183 */       attrs.put("zimbraAuthMech", AuthMechanism.AuthMech.ldap.name());
/* 184 */       attrs.put("zimbraAuthLdapURL", "ldap://bogus:389");
/* 185 */       attrs.put("zimbraAuthLdapSearchBindPassword", LC.zimbra_ldap_password.value());
/* 186 */       attrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
/* 187 */       attrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n)");
/* 188 */       result = prov.checkAuthConfig(attrs, acct.getName(), PASSWORD);
/* 189 */       Assert.assertEquals("check.UNKNOWN_HOST", result.getCode());
/*     */     }
/*     */     catch (ProvTest.SkippedForInMemLdapServerException e) {}
/*     */     try
/*     */     {
/* 194 */       SKIP_FOR_INMEM_LDAP_SERVER(ProvTest.SkipTestReason.EXTERNAL_AUTH_STATUS_CONNECTION_REFUSED);
/*     */       
/* 196 */       attrs.clear();
/* 197 */       attrs.put("zimbraAuthMech", AuthMechanism.AuthMech.ldap.name());
/* 198 */       attrs.put("zimbraAuthLdapURL", "ldap://" + LC.zimbra_server_hostname.value() + ":38900");
/* 199 */       attrs.put("zimbraAuthLdapSearchBindPassword", LC.zimbra_ldap_password.value());
/* 200 */       attrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
/* 201 */       attrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n)");
/* 202 */       result = prov.checkAuthConfig(attrs, acct.getName(), PASSWORD);
/* 203 */       Assert.assertEquals("check.CONNECTION_REFUSED", result.getCode());
/*     */     }
/*     */     catch (ProvTest.SkippedForInMemLdapServerException e) {}
/*     */     try
/*     */     {
/* 208 */       SKIP_FOR_INMEM_LDAP_SERVER(ProvTest.SkipTestReason.EXTERNAL_AUTH_STATUS_COMMUNICATION_FAILURE);
/*     */       
/* 210 */       attrs.clear();
/* 211 */       attrs.put("zimbraAuthMech", AuthMechanism.AuthMech.ldap.name());
/* 212 */       attrs.put("zimbraAuthLdapURL", getLdapURL());
/* 213 */       attrs.put("zimbraAuthLdapStartTlsEnabled", "TRUE");
/* 214 */       attrs.put("zimbraAuthLdapSearchBindPassword", LC.zimbra_ldap_password.value());
/* 215 */       attrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
/* 216 */       attrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n)");
/* 217 */       result = prov.checkAuthConfig(attrs, acct.getName(), PASSWORD);
/*     */       
/* 219 */       Assert.assertEquals("check.COMMUNICATION_FAILURE", result.getCode());
/*     */     }
/*     */     catch (ProvTest.SkippedForInMemLdapServerException e) {}
/*     */     try
/*     */     {
/* 224 */       SKIP_FOR_INMEM_LDAP_SERVER(ProvTest.SkipTestReason.EXTERNAL_AUTH_STATUS_AUTH_FAILED);
/* 225 */       attrs.clear();
/* 226 */       attrs.put("zimbraAuthMech", AuthMechanism.AuthMech.ldap.name());
/* 227 */       attrs.put("zimbraAuthLdapURL", getLdapURL());
/* 228 */       attrs.put("zimbraAuthLdapSearchBindPassword", "bogus");
/* 229 */       attrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
/* 230 */       attrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n)");
/* 231 */       result = prov.checkAuthConfig(attrs, acct.getName(), PASSWORD);
/* 232 */       Assert.assertEquals("check.AUTH_FAILED", result.getCode());
/*     */     }
/*     */     catch (ProvTest.SkippedForInMemLdapServerException e) {}
/*     */     
/* 236 */     attrs.clear();
/* 237 */     attrs.put("zimbraAuthMech", AuthMechanism.AuthMech.ldap.name());
/* 238 */     attrs.put("zimbraAuthLdapURL", getLdapURL());
/* 239 */     attrs.put("zimbraAuthLdapSearchBindPassword", LC.zimbra_ldap_password.value());
/* 240 */     attrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
/* 241 */     attrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n)");
/* 242 */     Provisioning.Result result = prov.checkAuthConfig(attrs, acct.getName(), "bogus");
/* 243 */     Assert.assertEquals("check.AUTH_FAILED", result.getCode());
/*     */     
/*     */ 
/*     */ 
/*     */ 
/* 248 */     attrs.clear();
/* 249 */     attrs.put("zimbraAuthMech", AuthMechanism.AuthMech.ldap.name());
/* 250 */     attrs.put("zimbraAuthLdapURL", getLdapURL());
/* 251 */     attrs.put("zimbraAuthLdapSearchBindPassword", LC.zimbra_ldap_password.value());
/* 252 */     attrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
/* 253 */     attrs.put("zimbraAuthLdapSearchBase", "dc=bogus");
/* 254 */     attrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n)");
/* 255 */     result = prov.checkAuthConfig(attrs, acct.getName(), PASSWORD);
/* 256 */     Assert.assertEquals("check.NAME_NOT_FOUND", result.getCode());
/*     */     
/* 258 */     attrs.clear();
/* 259 */     attrs.put("zimbraAuthMech", AuthMechanism.AuthMech.ldap.name());
/* 260 */     attrs.put("zimbraAuthLdapURL", getLdapURL());
/* 261 */     attrs.put("zimbraAuthLdapSearchBindPassword", LC.zimbra_ldap_password.value());
/* 262 */     attrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
/* 263 */     attrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n");
/* 264 */     result = prov.checkAuthConfig(attrs, acct.getName(), PASSWORD);
/* 265 */     Assert.assertEquals("check.INVALID_SEARCH_FILTER", result.getCode());
/*     */     
/* 267 */     provUtil.deleteAccount(acct);
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void externalLdapAuthByDNOnAccount() throws Exception {
/* 272 */     LdapProv ldapProv = prov;
/*     */     
/* 274 */     String DOMAIN_NAME = Names.makeDomainName(genDomainSegmentName() + "." + baseDomainName());
/*     */     
/*     */ 
/* 277 */     String authMech = AuthMechanism.AuthMech.ldap.name();
/* 278 */     Map<String, Object> domainAttrs = new HashMap();
/* 279 */     domainAttrs.put("zimbraAuthMech", authMech);
/* 280 */     domainAttrs.put("zimbraAuthLdapURL", getLdapURL());
/* 281 */     domainAttrs.put("zimbraAuthLdapStartTlsEnabled", getWantStartTLS());
/*     */     
/* 283 */     Domain domain = provUtil.createDomain(DOMAIN_NAME, domainAttrs);
/*     */     
/* 285 */     String ACCT_NAME_LOCALPART = Names.makeAccountNameLocalPart(genAcctNameLocalPart());
/* 286 */     Account acct = provUtil.createAccount(ACCT_NAME_LOCALPART, domain);
/*     */     
/* 288 */     String ACCT_DN = getAccountDN(acct);
/*     */     
/* 290 */     Map<String, Object> acctAttrs = new HashMap();
/* 291 */     acctAttrs.put("zimbraAuthLdapExternalDn", ACCT_DN);
/* 292 */     ldapProv.modifyAttrs(acct, acctAttrs);
/*     */     
/* 294 */     prov.authAccount(acct, "test123", AuthContext.Protocol.test);
/*     */     
/* 296 */     provUtil.deleteAccount(acct);
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void externalLdapAuthBySearch() throws Exception {
/* 301 */     LdapProv ldapProv = prov;
/*     */     
/* 303 */     String DOMAIN_NAME = Names.makeDomainName(genDomainSegmentName() + "." + baseDomainName());
/*     */     
/*     */ 
/* 306 */     String authMech = AuthMechanism.AuthMech.ldap.name();
/* 307 */     Map<String, Object> domainAttrs = new HashMap();
/* 308 */     domainAttrs.put("zimbraAuthMech", authMech);
/* 309 */     domainAttrs.put("zimbraAuthLdapURL", getLdapURL());
/* 310 */     domainAttrs.put("zimbraAuthLdapStartTlsEnabled", getWantStartTLS());
/* 311 */     domainAttrs.put("zimbraAuthLdapSearchBindPassword", LC.zimbra_ldap_password.value());
/* 312 */     domainAttrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
/* 313 */     domainAttrs.put("zimbraAuthLdapSearchFilter", "(zimbraMailDeliveryAddress=%n)");
/*     */     
/* 315 */     Domain domain = provUtil.createDomain(DOMAIN_NAME, domainAttrs);
/*     */     
/* 317 */     String ACCT_NAME_LOCALPART = Names.makeAccountNameLocalPart(genAcctNameLocalPart());
/* 318 */     Account acct = provUtil.createAccount(ACCT_NAME_LOCALPART, domain);
/*     */     
/* 320 */     prov.authAccount(acct, "test123", AuthContext.Protocol.test);
/*     */     
/* 322 */     provUtil.deleteAccount(acct);
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void externalLdapAuthByBindDNtemplate() throws Exception {
/* 327 */     LdapProv ldapProv = prov;
/*     */     
/* 329 */     String DOMAIN_NAME = Names.makeDomainName(genDomainSegmentName() + "." + baseDomainName());
/*     */     
/*     */ 
/* 332 */     String authMech = AuthMechanism.AuthMech.ldap.name();
/* 333 */     Map<String, Object> domainAttrs = new HashMap();
/* 334 */     domainAttrs.put("zimbraAuthMech", authMech);
/* 335 */     domainAttrs.put("zimbraAuthLdapURL", getLdapURL());
/* 336 */     domainAttrs.put("zimbraAuthLdapStartTlsEnabled", getWantStartTLS());
/* 337 */     domainAttrs.put("zimbraAuthLdapSearchBindPassword", LC.zimbra_ldap_password.value());
/* 338 */     domainAttrs.put("zimbraAuthLdapSearchBindDn", LC.zimbra_ldap_userdn.value());
/* 339 */     domainAttrs.put("zimbraAuthLdapBindDn", "uid=%u,ou=people,%D");
/*     */     
/* 341 */     Domain domain = provUtil.createDomain(DOMAIN_NAME, domainAttrs);
/*     */     
/*     */ 
/*     */ 
/*     */ 
/* 346 */     String ACCT_NAME_LOCALPART = Names.makeAccountNameLocalPart(genAcctNameLocalPart());
/* 347 */     Account acct = provUtil.createAccount(ACCT_NAME_LOCALPART, domain);
/*     */     
/* 349 */     prov.authAccount(acct, "test123", AuthContext.Protocol.test);
/*     */     
/* 351 */     provUtil.deleteAccount(acct);
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void zimbraAuthNonSSHA() throws Exception {
/* 356 */     String ACCT_NAME_LOCALPART = Names.makeAccountNameLocalPart(genAcctNameLocalPart());
/* 357 */     Account acct = createAccount(ACCT_NAME_LOCALPART);
/*     */     
/* 359 */     String PASSWORD = InMemoryLdapServer.Password.genNonSSHAPassword("not-ssha-blah");
/*     */     
/*     */ 
/* 362 */     Map<String, Object> acctAttrs = new HashMap();
/* 363 */     acctAttrs.put("userPassword", PASSWORD);
/* 364 */     prov.modifyAttrs(acct, acctAttrs);
/*     */     
/*     */ 
/* 367 */     prov.authAccount(acct, PASSWORD, AuthContext.Protocol.test);
/*     */     
/*     */ 
/*     */ 
/* 371 */     boolean caughtException = false;
/*     */     try {
/* 373 */       prov.authAccount(acct, PASSWORD + "not", AuthContext.Protocol.test);
/*     */     } catch (AccountServiceException e) {
/* 375 */       if ("account.AUTH_FAILED".equals(e.getCode())) {
/* 376 */         caughtException = true;
/*     */       }
/*     */     }
/* 379 */     Assert.assertTrue(caughtException);
/*     */     
/* 381 */     provUtil.deleteAccount(acct);
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/qa/unittest/prov/ldap/TestLdapProvExternalLdapAuth.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */